2
0

main.c 11 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370
  1. /*
  2. * Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the Apache License 2.0 (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. #include <stdio.h>
  10. #include <string.h>
  11. #include <signal.h>
  12. #include <openssl/ssl.h>
  13. #include <openssl/err.h>
  14. #include <signal.h>
  15. #if !defined(OPENSSL_SYS_WINDOWS)
  16. #include <unistd.h>
  17. #include <sys/socket.h>
  18. #include <arpa/inet.h>
  19. #include <netinet/in.h>
  20. #else
  21. #include <winsock.h>
  22. #endif
  23. static const int server_port = 4433;
  24. typedef unsigned char bool;
  25. #define true 1
  26. #define false 0
  27. /*
  28. * This flag won't be useful until both accept/read (TCP & SSL) methods
  29. * can be called with a timeout. TBD.
  30. */
  31. static volatile bool server_running = true;
  32. static int create_socket(bool isServer)
  33. {
  34. int s;
  35. int optval = 1;
  36. struct sockaddr_in addr;
  37. s = socket(AF_INET, SOCK_STREAM, 0);
  38. if (s < 0) {
  39. perror("Unable to create socket");
  40. exit(EXIT_FAILURE);
  41. }
  42. if (isServer) {
  43. addr.sin_family = AF_INET;
  44. addr.sin_port = htons(server_port);
  45. addr.sin_addr.s_addr = INADDR_ANY;
  46. /* Reuse the address; good for quick restarts */
  47. if (setsockopt(s, SOL_SOCKET, SO_REUSEADDR, &optval, sizeof(optval))
  48. < 0) {
  49. perror("setsockopt(SO_REUSEADDR) failed");
  50. exit(EXIT_FAILURE);
  51. }
  52. if (bind(s, (struct sockaddr*) &addr, sizeof(addr)) < 0) {
  53. perror("Unable to bind");
  54. exit(EXIT_FAILURE);
  55. }
  56. if (listen(s, 1) < 0) {
  57. perror("Unable to listen");
  58. exit(EXIT_FAILURE);
  59. }
  60. }
  61. return s;
  62. }
  63. static SSL_CTX* create_context(bool isServer)
  64. {
  65. const SSL_METHOD *method;
  66. SSL_CTX *ctx;
  67. if (isServer)
  68. method = TLS_server_method();
  69. else
  70. method = TLS_client_method();
  71. ctx = SSL_CTX_new(method);
  72. if (ctx == NULL) {
  73. perror("Unable to create SSL context");
  74. ERR_print_errors_fp(stderr);
  75. exit(EXIT_FAILURE);
  76. }
  77. return ctx;
  78. }
  79. static void configure_server_context(SSL_CTX *ctx)
  80. {
  81. /* Set the key and cert */
  82. if (SSL_CTX_use_certificate_chain_file(ctx, "cert.pem") <= 0) {
  83. ERR_print_errors_fp(stderr);
  84. exit(EXIT_FAILURE);
  85. }
  86. if (SSL_CTX_use_PrivateKey_file(ctx, "key.pem", SSL_FILETYPE_PEM) <= 0) {
  87. ERR_print_errors_fp(stderr);
  88. exit(EXIT_FAILURE);
  89. }
  90. }
  91. static void configure_client_context(SSL_CTX *ctx)
  92. {
  93. /*
  94. * Configure the client to abort the handshake if certificate verification
  95. * fails
  96. */
  97. SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);
  98. /*
  99. * In a real application you would probably just use the default system certificate trust store and call:
  100. * SSL_CTX_set_default_verify_paths(ctx);
  101. * In this demo though we are using a self-signed certificate, so the client must trust it directly.
  102. */
  103. if (!SSL_CTX_load_verify_locations(ctx, "cert.pem", NULL)) {
  104. ERR_print_errors_fp(stderr);
  105. exit(EXIT_FAILURE);
  106. }
  107. }
  108. static void usage(void)
  109. {
  110. printf("Usage: sslecho s\n");
  111. printf(" --or--\n");
  112. printf(" sslecho c ip\n");
  113. printf(" c=client, s=server, ip=dotted ip of server\n");
  114. exit(EXIT_FAILURE);
  115. }
  116. #define BUFFERSIZE 1024
  117. int main(int argc, char **argv)
  118. {
  119. bool isServer;
  120. int result;
  121. SSL_CTX *ssl_ctx = NULL;
  122. SSL *ssl = NULL;
  123. int server_skt = -1;
  124. int client_skt = -1;
  125. /* used by fgets */
  126. char buffer[BUFFERSIZE];
  127. char *txbuf;
  128. char rxbuf[128];
  129. size_t rxcap = sizeof(rxbuf);
  130. int rxlen;
  131. char *rem_server_ip = NULL;
  132. struct sockaddr_in addr;
  133. #if defined(OPENSSL_SYS_CYGWIN) || defined(OPENSSL_SYS_WINDOWS)
  134. int addr_len = sizeof(addr);
  135. #else
  136. unsigned int addr_len = sizeof(addr);
  137. #endif
  138. #if !defined (OPENSSL_SYS_WINDOWS)
  139. /* ignore SIGPIPE so that server can continue running when client pipe closes abruptly */
  140. signal(SIGPIPE, SIG_IGN);
  141. #endif
  142. /* Splash */
  143. printf("\nsslecho : Simple Echo Client/Server : %s : %s\n\n", __DATE__,
  144. __TIME__);
  145. /* Need to know if client or server */
  146. if (argc < 2) {
  147. usage();
  148. /* NOTREACHED */
  149. }
  150. isServer = (argv[1][0] == 's') ? true : false;
  151. /* If client get remote server address (could be 127.0.0.1) */
  152. if (!isServer) {
  153. if (argc != 3) {
  154. usage();
  155. /* NOTREACHED */
  156. }
  157. rem_server_ip = argv[2];
  158. }
  159. /* Create context used by both client and server */
  160. ssl_ctx = create_context(isServer);
  161. /* If server */
  162. if (isServer) {
  163. printf("We are the server on port: %d\n\n", server_port);
  164. /* Configure server context with appropriate key files */
  165. configure_server_context(ssl_ctx);
  166. /* Create server socket; will bind with server port and listen */
  167. server_skt = create_socket(true);
  168. /*
  169. * Loop to accept clients.
  170. * Need to implement timeouts on TCP & SSL connect/read functions
  171. * before we can catch a CTRL-C and kill the server.
  172. */
  173. while (server_running) {
  174. /* Wait for TCP connection from client */
  175. client_skt = accept(server_skt, (struct sockaddr*) &addr,
  176. &addr_len);
  177. if (client_skt < 0) {
  178. perror("Unable to accept");
  179. exit(EXIT_FAILURE);
  180. }
  181. printf("Client TCP connection accepted\n");
  182. /* Create server SSL structure using newly accepted client socket */
  183. ssl = SSL_new(ssl_ctx);
  184. if (!SSL_set_fd(ssl, client_skt)) {
  185. ERR_print_errors_fp(stderr);
  186. exit(EXIT_FAILURE);
  187. }
  188. /* Wait for SSL connection from the client */
  189. if (SSL_accept(ssl) <= 0) {
  190. ERR_print_errors_fp(stderr);
  191. server_running = false;
  192. } else {
  193. printf("Client SSL connection accepted\n\n");
  194. /* Echo loop */
  195. while (true) {
  196. /* Get message from client; will fail if client closes connection */
  197. if ((rxlen = SSL_read(ssl, rxbuf, rxcap)) <= 0) {
  198. if (rxlen == 0) {
  199. printf("Client closed connection\n");
  200. } else {
  201. printf("SSL_read returned %d\n", rxlen);
  202. }
  203. ERR_print_errors_fp(stderr);
  204. break;
  205. }
  206. /* Insure null terminated input */
  207. rxbuf[rxlen] = 0;
  208. /* Look for kill switch */
  209. if (strcmp(rxbuf, "kill\n") == 0) {
  210. /* Terminate...with extreme prejudice */
  211. printf("Server received 'kill' command\n");
  212. server_running = false;
  213. break;
  214. }
  215. /* Show received message */
  216. printf("Received: %s", rxbuf);
  217. /* Echo it back */
  218. if (SSL_write(ssl, rxbuf, rxlen) <= 0) {
  219. ERR_print_errors_fp(stderr);
  220. }
  221. }
  222. }
  223. if (server_running) {
  224. /* Cleanup for next client */
  225. SSL_shutdown(ssl);
  226. SSL_free(ssl);
  227. close(client_skt);
  228. }
  229. }
  230. printf("Server exiting...\n");
  231. }
  232. /* Else client */
  233. else {
  234. printf("We are the client\n\n");
  235. /* Configure client context so we verify the server correctly */
  236. configure_client_context(ssl_ctx);
  237. /* Create "bare" socket */
  238. client_skt = create_socket(false);
  239. /* Set up connect address */
  240. addr.sin_family = AF_INET;
  241. inet_pton(AF_INET, rem_server_ip, &addr.sin_addr.s_addr);
  242. addr.sin_port = htons(server_port);
  243. /* Do TCP connect with server */
  244. if (connect(client_skt, (struct sockaddr*) &addr, sizeof(addr)) != 0) {
  245. perror("Unable to TCP connect to server");
  246. goto exit;
  247. } else {
  248. printf("TCP connection to server successful\n");
  249. }
  250. /* Create client SSL structure using dedicated client socket */
  251. ssl = SSL_new(ssl_ctx);
  252. if (!SSL_set_fd(ssl, client_skt)) {
  253. ERR_print_errors_fp(stderr);
  254. goto exit;
  255. }
  256. /* Set hostname for SNI */
  257. SSL_set_tlsext_host_name(ssl, rem_server_ip);
  258. /* Configure server hostname check */
  259. if (!SSL_set1_host(ssl, rem_server_ip)) {
  260. ERR_print_errors_fp(stderr);
  261. goto exit;
  262. }
  263. /* Now do SSL connect with server */
  264. if (SSL_connect(ssl) == 1) {
  265. printf("SSL connection to server successful\n\n");
  266. /* Loop to send input from keyboard */
  267. while (true) {
  268. /* Get a line of input */
  269. memset(buffer, 0, BUFFERSIZE);
  270. txbuf = fgets(buffer, BUFFERSIZE, stdin);
  271. /* Exit loop on error */
  272. if (txbuf == NULL) {
  273. break;
  274. }
  275. /* Exit loop if just a carriage return */
  276. if (txbuf[0] == '\n') {
  277. break;
  278. }
  279. /* Send it to the server */
  280. if ((result = SSL_write(ssl, txbuf, strlen(txbuf))) <= 0) {
  281. printf("Server closed connection\n");
  282. ERR_print_errors_fp(stderr);
  283. break;
  284. }
  285. /* Wait for the echo */
  286. rxlen = SSL_read(ssl, rxbuf, rxcap);
  287. if (rxlen <= 0) {
  288. printf("Server closed connection\n");
  289. ERR_print_errors_fp(stderr);
  290. break;
  291. } else {
  292. /* Show it */
  293. rxbuf[rxlen] = 0;
  294. printf("Received: %s", rxbuf);
  295. }
  296. }
  297. printf("Client exiting...\n");
  298. } else {
  299. printf("SSL connection to server failed\n\n");
  300. ERR_print_errors_fp(stderr);
  301. }
  302. }
  303. exit:
  304. /* Close up */
  305. if (ssl != NULL) {
  306. SSL_shutdown(ssl);
  307. SSL_free(ssl);
  308. }
  309. SSL_CTX_free(ssl_ctx);
  310. if (client_skt != -1)
  311. close(client_skt);
  312. if (server_skt != -1)
  313. close(server_skt);
  314. printf("sslecho exiting\n");
  315. return EXIT_SUCCESS;
  316. }